Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
726
Views
0
Helpful
2
Replies

ACE shared vlans

Go to solution
eberhard-schulz
Level 1
Level 1

‎04-09-2009 05:10 AM

Hello

we have a pair of ace with 2 differnt context.

The goal is to route traffic from one context (a) to the other one (b)

Therefore we create a shared vlan between the contexts.

The Problem is that it is not possible to Ping the other Context (or get traffic over it).

In the arp table the mac address of the other context is not learned (just 0)

In the admin context we did alread configured the shared vlan host id to avoid mac adress problems.

It is only working if one of the context is hot in the maschine a and the other one is hot on maschine b. Then it works as expexted.

Config:

-------------------

General:

access-list ACL_ANY line 8 extended permit ip any any

policy-map multi-match POL_TCP

class class-default

connection advanced-options PMAP_TCP

parameter-map type connection PMAP_TCP

no random-sequence-number

policy-map type management first-match POL_ICMP

class CLASS_ICMP

permit

class-map type management match-any CLASS_ICMP

2 match protocol icmp any

--------------------------------------------

Context A:

interface vlan 827

ip address 10.208.64.42 255.255.255.248

alias 10.208.64.41 255.255.255.248

peer ip address 10.208.64.43 255.255.255.248

no normalization

no icmp-guard

access-group input ACL_ANY

access-group output ACL_ANY

service-policy input POL_ICMP

service-policy input POL_TCP

no shutdown

Context B:

interface vlan 827

description PEP_5.0_Linknetz_to_GGSN_Context

ip address 10.208.64.44 255.255.255.248

alias 10.208.64.46 255.255.255.248

peer ip address 10.208.64.45 255.255.255.248

no normalization

no icmp-guard

mac-sticky enable

access-group input ACL_ANY

access-group output ACL_ANY

service-policy input POL_ICMP

service-policy input POL_TCP

no shutdown

-------------------------------

Admin Context:

To avoid duplicate Mac's

shared-vlan-hostid 1

peer shared-vlan-hostid 2

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
dario.didio
Level 4
Level 4

‎04-09-2009 05:47 AM

Hi, it is not possible to do this.

A quote from the Routing-Briding configuration guide:

"The ACE also supports shared VLANs, which are multiple interfaces in different contexts on the same VLAN within the same subnet. Only routed interfaces can share VLANs. Note that there is no routing across contexts even when shared VLANs are configured."

link: http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/rtg_brdg/guide/vlansif.html#wp1004100

You need a device outside the ACE to accomplish this.

HTH,

Dario

View solution in original post

0 Helpful
2 Replies 2

Go to solution
dario.didio
Level 4
Level 4

‎04-09-2009 05:47 AM

Hi, it is not possible to do this.

A quote from the Routing-Briding configuration guide:

"The ACE also supports shared VLANs, which are multiple interfaces in different contexts on the same VLAN within the same subnet. Only routed interfaces can share VLANs. Note that there is no routing across contexts even when shared VLANs are configured."

link: http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/rtg_brdg/guide/vlansif.html#wp1004100

You need a device outside the ACE to accomplish this.

HTH,

Dario

0 Helpful

Go to solution
sachinga.hcl
Level 4
Level 4
In response to dario.didio

‎04-11-2009 08:03 PM

Hi Dear,

There is no routing possible across contexts even when shared VLANs are configured.

The ACE appliance has four physical Ethernet interface ports. All VLANs are allocated to the physical ports. After the VLANs are assigned, you can configure the corresponding VLAN interfaces as either routed or bridged for use. When you configure an IP address on an interface, the ACE appliance automatically makes it a routed mode interface.

Similarly, when you configure a bridge group on an interface VLAN, the ACE appliance automatically makes it a bridged interface. Then, you associate a bridge-group virtual interface (BVI) with the bridge group.

The ACE appliance also supports shared VLANs; multiple interfaces in different contexts on the same VLAN within the same subnet. Only routed interfaces can share VLANs.

n routed mode, the ACE is considered a router hop in the network. In the Admin or user contexts, the ACE supports static routes only. The ACE supports up to eight equal cost routes for load balancing.

You need a router outside the ACE ting betweeen thse two context.

kind regards,

sachin

0 Helpful
Customers Also Viewed These Support Documents